
Introduction

What is Cyber Forensics?

Cyber Forensics is a science which deals with the techniques used to track the footprints left behind by a cyber attack. Cyber forensics is directly involved in any cybercrime that involves data loss and recovery. Some examples include investigating possibly forged digital signatures, verifying the authenticity of images, analysing malicious software, etc.

Quote

Cyber Forensics is a science which deals with the techniques used to track the footprints left behind by a cyber attack.

Let us look at the definition in more detail from a CTF perspective. Any Capture The Flag contest usually has three main categories of digital forensics. They are:

Scope of Forensics

Whether we talk about employment, research or anything else, Cyber Forensics is one of the first areas that comes to a security analyst's mind. Forensics is heavily employed in Incident Response, Malware Analysis and Data Leak Protection. To sum it up, every cybercrime is always related to cyber forensics in some way.

To really understand this, let us look at a very dangerous virus attack which almost started World War III. Stuxnet was a virus found lurking in the systems which controlled nuclear centrifuges in Iran. Stuxnet carried a stolen yet officially authorised digital signature, which acted as very good camouflage. Stuxnet made Windows systems constantly reboot or led them to a Blue Screen of Death. Stuxnet could easily infect any computer linked to the network, and it was really difficult for security experts to trace. It severely affected the SCADA systems employed in maintaining the rotation speed of the centrifuges. After heavy investigation, when several forensic analysts looked into the SCADA network traffic, they found a malicious program being run which altered the system processes. The main aspect which made Stuxnet almost invisible was that it became active only when its target was present or running; until then the virus remained dormant. So, as you can see, cyber forensics played a huge role in the detection of the virus.

Let us look at the trend of cyber attacks based on the analysis from January 2017-2018:

Some handy definitions:

  1. Cyber Espionage: Use of computer networks to gain access to confidential information held by important organisations.

  2. Hacktivism: Hacking carried out mainly for a political purpose.

  3. Cyber Warfare: Cyber attacks carried out against state organisations to gain military secrets, etc.

[Figure: Cyber crimes are at 77% in 2017]

Now let us look at January 2018:

[Figure: January 2018]

So, as you can see, the percentage has increased at an alarming rate.

So, folks, I hope you understand just how important cyber forensics is in the current world of cybersecurity.